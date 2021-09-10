



WhatsApp will give 2 billion users the option to encrypt chat backups to the cloud on Friday, making it one of the trickiest ways that private communications between individuals on the app can be compromised. He said he would take an important step in closing the lid.

The Facebook-owned service has been end-to-end encrypted chat between users for over a decade. However, users had no choice but to store their chat backups in unencrypted format on iPhone’s cloud iCloud and Android’s Google Drive.

Utilizing backups of these unencrypted WhatsApp chats on Google and Apple servers is one of the well-known ways law enforcement agencies around the world have been able to access the suspect’s WhatsApp chats. ..

WhatsApp now says it is patching this weak link in the system.

WhatsApp is the first global messaging service of this scale to provide end-to-end encrypted messaging and backup, and to reach it, a brand new framework for key storage and cloud storage across the operating system. There was a very difficult technical challenge that we needed. Executive Mark Zuckerberg in a post announcing new features.

Save your own encryption key

The company said it has devised a system that allows Android and iOS WhatsApp users to lock chat backups using encryption keys. WhatsApp states that it provides users with two ways to encrypt cloud backups, and this feature is optional.

In the coming weeks, WhatsApp users will be given the option to generate a 64-digit encryption key to lock their chat backups to the cloud. Users can save the encryption key offline or in a password manager of their choice, or create a password to back up the encryption key to a cloud-based “backup key vault” developed by WhatsApp. Encryption keys stored in the cloud cannot be used without a user password that WhatsApp does not recognize.

Some people prefer a 64-digit encryption key, while others prefer something that is easy to remember, so include both options. When the user sets a backup password, we don’t know it. If they forget it, they can reset it on their original device, WhatsApp said.

For 64-digit keys, signing up for an end-to-end encrypted backup tells the user multiple times that if the user loses the 64-digit key, the backup cannot be restored and a backup must be created. .. under. Ask the user to verify that they have saved their password or 64-digit encryption key before setup is complete.

A WhatsApp spokeswoman told TechCrunch that when an encrypted backup is created, it deletes a previous copy of the backup. “This is done automatically and there is no action the user needs to take,” a spokeswoman added.

Potential regulatory backlash?

The move to introduce this additional layer of privacy is important and can have widespread implications.

End-to-end encryption remains a topic of debate as the government continues lobbying for backdoors. Apple was reportedly pressured not to add encryption to iCloud backups after the FBI complained.

When TechCrunch asked if WhatsApp or its parent company Facebook consulted with a government agency or was assisted during the development process for this feature, the company refused to discuss such conversations.

“People’s messages are very personal and we believe that as we have more opportunities to live online, businesses need to increase the security they provide to their users. Release this feature. We are excited to give users the option to add this layer of security to their backups as needed, significantly improving the security of their personal messages, “the company said. TechCrunch.

WhatsApp has also confirmed that it will roll out this optional feature in all markets where the app operates. It is not uncommon for businesses to withhold privacy features for legal and regulatory reasons. For example, Apple’s upcoming encrypted browsing capabilities will not be available to users of certain authoritarian regimes such as China, Belarus, Egypt, Kazakhstan, Saudi Arabia, Turkmenistan, Uganda, and the Philippines.

In any case, Friday’s announcement states that ProPublica will allow human contractors to read private end-to-end encrypted conversations between two users when a message is reported by a user. It will take place a few days after you report it.

“It’s very difficult to fully encrypt a backup, and it’s especially difficult to make it reliable and simple enough for people to use. Other messaging services of this size don’t do this, and people We don’t provide this level of security for our messages, “Uzma Barlaskar, WhatsApp’s privacy product leader, told TechCrunch.

“We’ve been working on this issue for many years. To build it, we needed to develop a whole new framework for key storage and cloud storage that could be used with the world’s largest operating system, which was time consuming. rice field.

